EHR vendor Allscripts suffered a ransomware attack on January 18, 2018. Any member of The Doctors Company who has been affected should send notification of the matter to us at ClaimService@thedoctors.com. We will put the member in touch with a privacy attorney. Privacy counsel will, in turn, be liaising with Allscripts to determine what, if any, notifications will be required from this incident and who will be making them.
Members should not provide notice to their patients and/or the OCR unless and until privacy counsel makes a recommendation to do so. Most ransomware incidents do not result in a notifiable breach, so notification before all the facts are known and analyzed can be a major misstep and result in unnecessary headaches, lawsuits, and governmental inquiries. If members do have notification obligations, we will coordinate with them to provide notifications (or to ensure that Allscripts provides them on the member’s behalf, which is how similar matters have been handled in the past).